Skip to main content
Article | Managing Risk

Counter terrorism contingency planning

Risk & Analytics|Corporate Risk Tools and Technology|Property|Risk Management Consulting

By Jim Fox | November 6, 2020

This article discusses the measures organisations can take to accurately identify, assess, evaluate and manage their terrorism risks.


In February 2020 the UK Home Office announced plans to introduce a new law requiring owners and operators of public spaces and venues to put in place measures to keep the public safe from terrorist attacks1 .

The new proposed law would require venue operators to consider the risk of a terrorist attack and take proportionate and reasonable measures to prepare for and protect the public from such an attack. The new ‘Protect Duty’ takes lessons learned following the attacks in 2017 and also follows discussions with victims’ groups such as the Martyn’s Law campaign, established by the mother of one of the victims of the Manchester Arena attack.

Terrorism can come to an organisation at any time with little or no notice. The attack methodology over the last few years primarily involved vehicles, knives and explosive devices with the intention to kill or injure as many people as possible in the shortest amount of time.

Despite the current COVID-19 pandemic, visitors to your premises (and indeed the immediate surrounding area) should reasonably expect a level of security and planning commensurate with the threat, and if the worst were to happen, a response that is well practiced and familiar to all staff.

So what should we do?

It is important to note that this article is aimed at giving organisations ample opportunity to plan-in the potential changes gradually and ahead of any legislative change.

Firstly, the proposed legislation will go through a consultation phase; this was due to go through consultation in spring of 2020, but is now likely to take place in 2021. The consultation will seek views from a range of organisations in all sectors, including the security industry and campaign groups, with any new legislation likely to move to parliament afterwards.

The law could ultimately require organisations to consider the risk of a terrorist attack and take proportionate and reasonable measures, these measures could include training for staff, appropriate planning and testing on a regular basis. It is good practice to begin thinking about these things now in advance of any legal requirement, it will allow you to plan appropriately at a considered pace and identify the measures that you don’t have yet.

There is a wealth of information in the public space. However, as a minimum, you may want to consider (and document) the following:-

  • Could my venue/building/premise be considered a target by terrorists?
  • What neighbours do I have around my sites – could they be a target and impact my staff/visitors?
  • What security measures should I already have in place – are they commensurate with the threat?
  • Are my employees trained in identifying ‘hostile reconnaissance’ and reporting suspicious activity?
  • Would employees know what to do during a terrorist attack?
  • Do I have appropriate plans in place to deal with such an attack?
  • What crisis messaging would we use and when?
  • Have we got resilience within our crisis management team – to make the critical decisions in a timely manner?
  • When was the last time you exercised your crisis management team in a terrorist attack scenario?

Irrespective of whether this legislation proceeds or not, it’s important that organisations consider their plans on an equal level to other mandatory requirements (e.g. health and safety) as they are fundamental in business continuity planning and good practice.

Organisations have a moral duty to do all they can to protect visitors and staff within their venues and whilst terrorist attacks in the United Kingdom are thankfully very infrequent, the impacts are truly devastating for anyone caught up in them.

Organisations have a moral duty to do all they can to protect visitors and staff within their venues

Want to find out more

It is important that organisations accurately identify, assess, evaluate and manage their terrorism risks in order to operate safely and securely.

The way you manage risk demonstrates to customers and shareholders how you value your business.

If you need further advice or guidance on any of the above then please do get in touch.




Risk Management Executive - Cyber Risk & Crisis Management

Related Capabilities

Contact Us